In the last issue we delved into the world of Business Process Compromises (BPC’s) and demonstrated how the attacks work, based on the case of the driven, yet naive business owner; Steve and the driven and successful attacker; Joanne. The point we made was that both seek success, both are driven and both operate businesses, and most importantly, both follow processes. This is the key, this is our light bulb moment, this is where we seek to gain the upper hand in developing defenses.
To recap, a BPC occurs when an attacker makes subtle, unnoticable changes to business processes to gain an advantage. We reviewed the case of the attackers in Antwerp making subtle changes to the location of containers at a dock, in order to make the containers carrying drugs, easier to access. Remember, they needed other attack vectors also in place to complete the heist, including dropping physical USB key loggers. The company being attacked wasn’t massive, it just happened to offer the attacker what they needed.
That attack took two years to be successful. As a result, response plans need to consider the long game too and be appropriately measured. We need to understand the risks these organisations pose to our own, as this provides a far broader understanding of how attacks work and appropriate mitigation strategies, aimed at various points in attack process, can be targeted at more than just the perimeter. Once you’ve mapped the attack surface, you then need to find an appropriate way to communicate what has been done to customers, staff and the executive board. Every stakeholder needs the confidence in the business’s ability to appropriately mitigate risks and increase the security posture of the organisation improves.
Back to the Story…
Like Steve, Joanne follows a tried and proven process known as the Cyber Killchain® (Lockheed Martin (http://www. lockheedmartin.com/us/what-we-do/aerospace-defense/ cyber/cyber-kill-chain.html), introduced in Part 1. The kill chain allows us to build defence in depth into our organisation. Prevention, as a tactical objective, should have a place in your security arsenal and cyber defence plans, however, the kill chain shows us that we need more. We should ensure appropriate levels of logging and confirm detection mechanisms are deployed. Furthermore, we need to be as follows…Click HERE to read full article.
